Re: FW: block internet at two workstations

["Jerry M. Howell II" <jmhowell () jmhowell com>]

On Wed, May 07, 2003 at 10:43:36AM -0500, Lee Burleson wrote:
> That was a good suggestion, IMO.
>
> If the security is set up properly on the workstations, the users should not 
> have permissions to modify the default gateway or set static routes.
>
> However if, for some reason, you have a proxy server that is on the local 
> network, the user would still be able to point the browser at it and be home 
> free.  To solve this, you would set permanant static routes that nullify 
> that kind of access.  Again, user privliges will not allow modification of 
> your changes.
>
> Heck, if you don't have local resources that the machines need to access, 
> you could just disable the NIC!  Or even remove it!
Can you just set up 2 subnets. One that has the 8 that need access to
the net and one that only has access to the local subnets? Might be a
little over simplified but that would be my first choice.
-- 
Jerry M. Howell II

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------